nanog mailing list archives

Re: Jenkins amplification

From: Michael Thomas <mike () mtcc com>
Date: Mon, 3 Feb 2020 11:43:54 -0800


On 2/3/20 10:48 AM, Christopher Morrow wrote:


Sorry, to be a little less flippant and a bit more productive:
   "I don't think every remote endpoint needs full access (or even some
compromise based on how well you can/can't scale your VPN box's
policies) access to the internal network. I think you don't even want
to provide this access based on some loose ideas about 'ip address'
and 'vpn identity'."

Ideally you'd be able to authenticate and authorize and even
account(!) based on a real user-id + passwd + token (2fa thing).
Somethign akin to this:
   https://cloud.google.com/beyondcorp/

maybe using the googz work directly isn't your cup-o-joe(jane?) but...
the idea itself is the point I was aiming for.

So somebody is using the internet as it was originally designed. Willmiracles never cease.


Mike

Current thread:

Re: Jenkins amplification, (continued)
- - - Re: Jenkins amplification Christopher Morrow (Feb 03)
    - Re: Jenkins amplification Christopher Morrow (Feb 03)
    - Re: Jenkins amplification Matt Harris (Feb 03)
    - Re: Jenkins amplification Matt Harris (Feb 03)
    - Re: Jenkins amplification Jean | ddostest.me via NANOG (Feb 03)
    - Re: Jenkins amplification Ryan Hamel (Feb 03)
    - Re: Jenkins amplification Jean | ddostest.me via NANOG (Feb 03)
    - Re: Jenkins amplification Christopher Morrow (Feb 03)
    - Re: Jenkins amplification Mike Meredith (Feb 04)
    - Re: Jenkins amplification Christopher Morrow (Feb 04)
    - Re: Jenkins amplification Michael Thomas (Feb 03)
    - Re: Jenkins amplification Sabri Berisha (Feb 03)
    - Re: Jenkins amplification Christopher Morrow (Feb 03)
    - Re: Jenkins amplification Large Hadron Collider (Feb 04)
    - Re: Jenkins amplification Daryl (Feb 04)
    - Re: Jenkins amplification Randy Bush (Feb 03)